1 The battle against phishing: Dynamic Security Skins
Rachna Dhamija, J. D. Tygar

July 2005 Proceedings of the 2005 symposium on Usable privacy and security
SOUPS '05

Publisher: ACM Press

Full text available: pdf(398.10 KB) Additional Information: full citation, abstract, references

Phishing is a model problem for illustrating usability concerns of privacy and security 
because both system designers and attackers battle using user interfaces to guide (or 
misguide) users. We propose a new scheme, Dynamic Security Skins, that allows a remote 
web server to prove its identity in a way that is easy for a human user to verify and hard 
for an attacker to spoof. We describe the design of an extension to the Mozilla Firefox 
browser that implements this scheme. We present two novel inte ... 

2 Verification: Static verification of security requirements in role based CSCW systems
Tanvir Ahmed, Anand R. Tripathi 

June 2003 Proceedings of the eighth ACM symposium on Access control models and 
technologies 

Publisher: ACM Press 

Full text available: pdf(260.95 KB) Additional Information: full citation, abstract, references, index terms

In this paper, we present static verification of security requirements for CSCW systems 
using finite-state techniques, i.e., model checking. The coordination and security 
constraints of CSCW systems are specified using a role based collaboration model. The 
verification ensures completeness and consistency of the specification given global 
requirements. We have developed several verification models to check security 
properties, such as task-flow constraints, information flow or confidentiality, a ... 



Keywords: finite-state based model checking, methodology for access control policy 
design, role based access control, security policy specification 



3 Formalizing the safety of Java, the Java virtual machine, and Java card
Pieter H. Hartel, Luc Moreau

December 2001 ACM Computing Surveys (CSUR), volume 33 issue 4
Publisher: ACM Press

Full text available: pdf(442.86 KB) Additional Information: full citation, abstract, references, citings, index terms

We review the existing literature on Java safety, emphasizing formal approaches, and the 
impact of Java safety on small footprint devices such as smartcards. The conclusion is 
that although a lot of good work has been done, a more concerted effort is needed to 
build a coherent set of machine-readable formal models of the whole of Java and its 
implementation. This is a formidable task but we believe it is essential to build trust in
Java safety, and thence to achieve ITSEC level 6 or Common Crite ... 

Keywords: Common criteria, programming 



4 Dynamic analysis of security protocols
Alec Yasinsac 

February 2001 Proceedings of the 2000 workshop on New security paradigms 

Publisher: ACM Press 

Full text available: pdf(871.04 KB) Additional Information: full citation, references, citings, index terms



5 A fixpoint calculus for local and global program flows
Rajeev Alur, Swarat Chaudhuri, P. Madhusudan

January 2006 ACM SIGPLAN Notices, Conference record of the 33rd ACM SIGPLAN-SIGACT
symposium on Principles of programming languages POPL '06,
Volume 41 Issue 1
Publisher: ACM Press

Full text available: pdf(280.13 KB) Additional Information: full citation, abstract, references, index terms

We define a new fixpoint modal logic, the visibly pushdown μ-calculus (VP-μ), as an
extension of the modal μ-calculus. The models of this logic are execution trees of
structured programs where the procedure calls and returns are made visible. This new 
logic can express pushdown specifications on the model that its classical counterpart 
cannot, and is motivated by recent work on visibly pushdown languages [4]. We show 
that our logic naturally captures several interesting pro ... 

Keywords: μ-calculus, games, infinite-state, logic, model-checking, pushdown systems,
specification, verification 




6 Compute^ work in design: On-the-fly web content integrity
check boosts users' confidence
Soroush Sedaghat, Josef Pieprzyk, Ehsan Vossough 

November 2002 Communications of the ACM, Volume 45 Issue 11 
Publisher: ACM Press 

Full text available: pdf(182.67 KB), html(25 45 KB) Additional Information: full citation, abstract, references, index terms

Malicious attacks on Web servers by intruders and hackers are prime concerns of 
organizations, administrators of Web sites, as well as users who access them. 

7 Decidability and
Mads Dam 

January 2006 ACM SIGPLAN Notices , Conference record of the 33rd ACM SIGPLAN- 
SIGACT symposium on Principles of programming languages POPL '06, 

Volume 41 Issue 1 
Publisher: ACM Press 

Full text available: pdf(203.55 KB) Additional Information: full citation, abstract, references, index terms

Noninterference is the basic semantical condition used to account for confidentiality and 
integrity-related properties in programming languages. There appears to be an at least 
implicit belief in the programming languages community that partial approaches based on 
type systems or other static analysis techniques are necessary for noninterference 
analyses to be tractable. In this paper we show that this belief is not necessarily true. We 
focus on the notion of strong low bisimulation proposed by ... 

Keywords: information flow, intransitive noninterference, language-based security, 
multi-level security, noninterference 

8 Confined types
Jan Vitek, Boris Bokowski

October 1999 ACM SIGPLAN Notices, Proceedings of the 14th ACM SIGPLAN
conference on Object-oriented programming, systems, languages, and
applications OOPSLA '99, volume 34 issue 10
Publisher: ACM Press

Full text available: pdf(1 71MB) Additional Information: full citation, abstract, references, citings, index terms

Sharing and transfer of object references is difficult to control in object-oriented 
languages. Unconstrained sharing poses serious problems for writing secure components 
in object-oriented languages. In this paper, we present a set of inexpensive syntactic 
constraints that strengthen encapsulation in object-oriented programs and facilitate the 
implementation of secure systems. We introduce two mechanisms: confined types to 
impose static scoping on dynamic object references ... 

9 Computer security (SEC): Formal specification of role-based security policies for
clinical information systems
Karsten Sohr, Michael Drouineaud, Gail-Joon Ahn

March 2005 Proceedings of the 2005 ACM symposium on Applied computing SAC '05

Publisher: ACM Press

Full text available: pdf(196 29 KB) Additional Information: full citation, abstract, references, citings, index terms

Many healthcare organizations have transited from their old and disparate business 
models based on ink and paper to a new, consolidated ones based on electronic patient 
records. There are significant demands on secure mechanisms for collaboration and data 
sharing among clinicians, patients and researchers through clinical information systems. 
In order to fulfil the high demands of data protection in such systems, we believe that 
access control policies play an important role to reduce the risks ... 

Keywords: LTL, authorisation constraints, healthcare environments 



10 Harmless advice
Daniel S. Dantas, David Walker

January 2006 ACM SIGPLAN Notices, Conference record of the 33rd ACM SIGPLAN-SIGACT
symposium on Principles of programming languages POPL '06,
Volume 41 Issue 1
Publisher: ACM Press

Full text available: pdf(258.39 KB) Additional Information: full citation, abstract, references, index terms

This paper defines an object-oriented language with harmless aspect-oriented advice. A 
piece of harmless advice is a computation that, like ordinary aspect-oriented advice, 
executes when control reaches a designated control-flow point. However, unlike ordinary 
advice, harmless advice is designed to obey a weak non-interference property. Harmless 
advice may change the termination behavior of computations and use I/O, but it does not 
otherwise influence the final result of the mainline code ... 

Keywords: aspect-oriented, aspects, harmless advice, noninterference 



11 Short papers: Application of synchronous dynamic encryption system (SDES) in
wireless sensor networks
Hamdy S. Soliman, Mohammed Omari

October 2005 Proceedings of the 2nd ACM international workshop on Performance
evaluation of wireless ad hoc, sensor, and ubiquitous networks PE-WASUN '05

Publisher: ACM Press

Full text available: pdf(59.63 KB) Additional Information: full citation, abstract, references, index terms

In this paper, we introduce a novel security protocol for wireless network of sensors. The 
new security mechanism is efficient, flexible, and very amenable for deployment in the 
resource constrained sensor networks. Our cryptosystem is a simple and fast stream 
cipher that utilizes permutation vectors as encryption keys, forcing an intruder to a brute- 
force time complexity of Q(2 n ). In addition, our mechanism alleviates the effect of sensor 
capture, via its re-keying feature. It a ... 

Keywords: deployment knowledge, encryption permutation vectors, power balancing, 
sensors security primitives, stream ciphers 



12 Emerging applications: Defending against redirect attacks in mobile IP
Robert H. Deng, Jianying Zhou, Feng Bao 

November 2002 Proceedings of the 9th ACM conference on Computer and 
communications security 

Publisher: ACM Press 

Full text available: pdf(266^04 KB) Additional Information: full citation, abstract, references, index terms

The route optimization operation in Mobile IP Version 6 (MIPv6) allows direct routing from 
any correspondent node to any mobile node and thus eliminates the problem of "triangle 
routing" present in the base Mobile IP Version 4 (MIPv4) protocol. Route optimization, 
however, requires that a mobile node constantly inform its correspondent nodes about its 
new care-of addresses by sending them binding update messages. Unauthenticated or 
malicious binding updates open the door for intruders to perform ... 

Keywords: authenticated key-exchange, mobile IP, mobile IP security, redirect attack, 
secure binding update 



13 A type system for expressive security policies
David Walker 

January 2000 Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on 
Principles of programming languages 

Publisher: ACM Press 

Full text available: pdf(1 87 MB) Additional Information: full citation, abstract, references, citings, index

Certified code is a general mechanism for enforcing security properties. In this paradigm, 
untrusted mobile code carries annotations that allow a host to verify its trustworthiness. 
Before running the agent, the host checks the annotations and proves that they imply the 
host's security policy. Despite the flexibility of this scheme, so far, compilers that 
generate certified code have focused on simple type safety properties rather than more 
general security properties. 

14 The specification and implementation of "commercial" security requirements including
dynamic segregation of duties
Simon N. Foley

April 1997 Proceedings of the 4th ACM conference on Computer and communications
security
Publisher: ACM Press

Full text available: pdf(J L32. MB) Additional Information: full citation, references, citings, index terms



15 Static enforcement of security with types
Christian Skalka, Scott Smith

September 2000 ACM SIGPLAN Notices, Proceedings of the fifth ACM SIGPLAN
international conference on Functional programming ICFP '00, volume
35 Issue 9
Publisher: ACM Press

A number of security systems for programming languages have recently appeared, 
including systems for enforcing some form of access control. The Java JDK 1.2 security 
architecture is one such system that is widely studied and used. While the architecture 
has many appealing features, access control checks are all implemented via dynamic 
method calls. This is a highly non-declarative form of specification which is hard to read, 
and which leads to additional run-time overhead. In this paper, ... 

16 Data Security
Dorothy E. Denning, Peter J. Denning 

September 1979 ACM Computing Surveys (CSUR), Volume 11 Issue 3 
Publisher: ACM Press 

Full text available: pdf(1.97 MB) Additional Information: full citation, references, citings, index terms




17 Stack inspection: theory and variants

Cedric Fournet, Andrew D. Gordon 

January 2002 ACM SIGPLAN Notices , Proceedings of the 29th ACM SIGPLAN-SIGACT 
symposium on Principles of programming languages POPL '02, volume 37 
Issue 1 
Publisher: ACM Press 

Full text available: pdf(318.67 KB) Additional Information: full citation, abstract, references, citings

Stack inspection is a security mechanism implemented in runtimes such as the JVM and 
the CLR to accommodate components with diverse levels of trust. Although stack 
inspection enables the fine-grained expression of access control policies, it has rather a 
complex and subtle semantics. We present a formal semantics and an equational theory 
to explain how stack inspection affects program behaviour and code optimisations. We 
discuss the security properties enforced by stack inspection, and also cons ... 




18 Stack inspection: Theory and variants
Cedric Fournet, Andrew D. Gordon

May 2003 ACM Transactions on Programming Languages and Systems (TOPLAS),
Volume 25 Issue 3
Publisher: ACM Press

Full text available: pdf(357.08 KB) Additional Information: full citation, abstract, references, index terms, review

Stack inspection is a security mechanism implemented in runtimes such as the JVM and 
the CLR to accommodate components with diverse levels of trust. Although stack 
inspection enables the fine-grained expression of access control policies, it has rather a 
complex and subtle semantics. We present a formal semantics and an equational theory 
to explain how stack inspection affects program behavior and code optimisations. We 
discuss the security properties enforced by stack inspection, and also consi ... 

Keywords: Access control, contextual equivalence, equational reasoning, operational 
semantics, stack inspection 



19 An object-oriented model of access control based on role
Yan Han, Liu Fengyu, Zhang Hong 

March 2000 ACM SIGSOFT Software Engineering Notes, volume 25 issue 2 
Publisher: ACM Press 

Full text available: pdf(607.02 KB) Additional Information: full citation, abstract, index terms

At present, majority access control models mainly deal with data-protection at the back- 
end of applications. However, they are not applicable for large and complex multi-user 
applications. Though Object Technology has turned into one of the mainstream 
approaches for large and complex applications development, it still lacks a general model 
of application-level access control. While the existing models of role-based access control
could simplify privilege management, they neglect the dynamic feat ... 

Keywords: access control, application development, modeling, object-oriented, role, 
security management 



20 Security technology and applications: Modelling a flexible network security systems
using multi-agents systems: security assessment considerations
Gustavo A. Santana Torrellas, Luis A. Villa Vargas 

September 2003 Proceedings of the 1st international symposium on Information and 
communication technologies ISICT '03 

Publisher: Trinity College Dublin 

Full text available: pdf(355.16 KB) Additional Information: full citation, abstract, references

Recent developments have made it possible to interoperate complex business applications 
at much lower costs. Application interoperation, along with business process 
reengineering can result in significant savings by eliminating work created by 
disconnected business processes due to isolated business applications. However, we 
believe much greater productivity benefits can be achieved by facilitating timely decision- 
making, utilizing information from multiple enterprise perspectives. To stay compe ... 